Personal Health Information Security

We’ve had HIPAA—the Health Insurance Portability and Accountability Act—for nearly 20 years. This act requires, among other things, all handlers of our personal medical information (primarily, but not exclusively, our doctors, hospitals, and health coverage plan providers) to have our permission to pass that information along, even to other doctors, hospitals, and health coverage plan providers and to take adequate steps to safeguard that information when it’s in their hands or being passed along.

It seems that this administration doesn’t consider itself bound by that same law. The latest example of this evident lawlessness is ObamaMart. The GAO has completed its own assessment of ObamaMart’s security and security practices, and it’s unimpressed.

…weaknesses remained in the security and privacy protections applied to HealthCare.gov and its supporting systems.

This is a year after ObamaMart’s rollout and the discovery of its lack of security. This is four years after HHS, through its CDC, began developing ObamaMart and…testing…it. It boggles my pea brain that security problems of this magnitude could still exist.

In the report, the GAO makes six recommendations to the Department of Health and Human Services to implement security and privacy controls to protect sensitive material. The report also makes 22 recommendations to resolve technical weaknesses in security controls.

Problems with the site ranged from the agency not setting up an alternate processing site for HealthCare.gov systems to allow them to be recovered if the site was hacked or went down to the strength of passwords.

These are basic things that any Computer Science 101 freshman knows. But wait—there’s more.

In addition to these weaknesses, we also identified weaknesses in security controls related to boundary protection, identification and authentication, authorization and configuration management. Collectively, these weaknesses put HealthCare.gov systems and the information they contain at increased and unnecessary risk of unauthorized access, use, disclosure, modification, or loss.

These are more of those things any freshman learns. And these are more of the sorts of things that HIPAA was designed to protect.

The HHS has denied some of these problems exist.

HHS has agreed with three of the six recommendations and has agreed with all 22 technical recommendations.

This isn’t incompetence. These folks are extremely intelligent and talented. Nor is this laziness. These folks are among the hardest working in government. No, this shortfall was deliberate.

Among the issues that concerned the administration’s own technical experts at the time was that security testing could not be completed because the system was undergoing so many last-minute changes.

Because securing citizens’ personal information is only an afterthought to this administration. Because obeying the principles and spirit of HIPAA and related Federal laws, if not their letter, just doesn’t matter to this administration.

Obamacare, Errors, and Attitudes

The AP has an article that goes into the pitfalls and pratfalls that Obamacare faces this fall, 2014 enrollment period. I’m interested in one error in particular and the attitude of one Democrat in particular who voted for Obamacare’s passage.

The error was the overpayment by the Federal government of many of the subsidies it handed out to…defray…the premium costs of having an Obamacare health plan. Overpayments could occur from a plan buyer underreporting income, from ObamaMart not correctly matching income data with subsidy accruals, and so on.

As a result of having discovered those overpayments, the government is trying to recoup them from the recipients. Congressman Bill Pascrell (D, NJ) disagrees with making people pay back part of their premium subsidy.

Why should individuals be punished if they got a bump in salary? To me, this was not the ACA I voted on.

Indeed, why should individuals be punished? Yet they would be, if Pascrell’s attitude prevails, by paying out more subsidy than was due. Oh, wait, the individuals being punished are taxpayers.

Of course Pascrell (and his fellow Democrats) know this; they just don’t care about those individuals. Taxpayers, after all, are just money trees with which to fund Democrats’ voters.

Obamacare and Health Coverage Cost Growth

President Barack Obama promised us, all those years ago, that if only Obamacare were enacted, a family’s health plan premium would drop by $2,500 per year, and no one would lose their employer-provided health plan. Period.

These two graphs from The Wall Street Journal draw a different…picture.ObamacareCost

These graphs cover the period since 1999. As the upper graph shows, the premiums for employer-provided health insurance and, since Obamacare’s passage in 2010, for employer-provided health plans, have risen at a steady pace—unchanged by Obamacare, and specifically, no drop in premium cost. It’s the same with the employee’s share of those premiums; that share’s pace of increase also has been unaffected—that is, no drop in cost—from Obamacare.

Now look at the lower graph. After spiking in Obamacare’s year of enactment in 2010, the per centage of businesses offering health plans to their employees has fallen to the lowest level in the 15 years depicted.

At best, Obamacare isn’t lowering employer-covered workers’ health coverage costs. There has been, though, a sharp decrease in the number of folks even offered employer-provided plans.

(That wages have risen much more slowly than health plan premiums is a different subject.)

Obamacare and ObamaMart Strike Again

In the continuing story of ObamaMart’s still incomplete (!) backend, the part of the Web site that takes the citizen’s input and sorts it, collates it with other government information, and then passes it on to other relevant parties—the health plan providers, for instance, and the IRS—there’s this:

Because of complicated connections between the new health care law and income taxes, the Department of Health and Human Services must send out millions of new tax forms next year.

The forms are called 1095-As, and list who in each household has health coverage, and how much the government paid each month to subsidize those insurance premiums. Nearly 5 million people have gotten subsidies through HealthCare.gov.

If the forms are delayed past their Jan 31 deadline, some people may have to wait to file tax returns—and collect their refunds.

A delay of a week or two may not sound like much, but many people depend on their tax refunds to plug holes in family finances.

That folks should better plan their withholding (where possible) and not extend Uncle Sugar a year-long interest-free loan is a separate story. Such planning is typical, and the folks who do this the most are the poorest among us—the very folks President Barack Obama and his ilk claim to be trying to help.

And there’s the coming collapse of employer-provided health plans.

Analysts predict that as ObamaCare takes hold, it will mean the end of employer-provided insurance….

The Wall Street research firm S&P IQ went even further, predicting 90% of such plans will disappear.

Now, I don’t see such an eventuality as necessarily a bad thing. Employer-supplied health plans should be what employer-supplied insurance plans used to be, when the practice began: a matter of employment compensation negotiation between employer and (prospective) employee. What interests me here is the hypocrisy of the thing.

President Barack Obama promised, repeatedly, that

you can keep your plan and your doctor, no matter what[.]

If you lose your employer-supplied health plan, you lose with that “your plan and your doctor” bit. Which, of course, Obama knew at the time he was making those promises. He even bragged about it to then Majority Leader Eric Cantor at the infamous health summit.

Also, when Presidential Candidate Barack Obama was debating Presidential Candidate John McCain in 2008, he decried McCain’s health insurance industry reform proposal as being destructive of employer-supplied health insurance.

[T]his would lead to the unraveling of the employer-based health care system. That, I don’t think, is the kind of change that we need.

Hmm….

The Wrong Question

Jim Angle, of Fox News, usually does better than this.

“Right now the savings that was projected to pay for all this spending [on Obamacare] is not being collected as originally projected,” said Charles Blahous, of the Mercatus Center. He estimated the law will eventually cost $200 billion a year by 2020.

And

“There was about $100 billion that was supposed to come in over the next 10 years from penalties on individuals, if they did not carry health insurance, penalties on employers, if they do not offer health insurance, and to date, those penalties have not been enforced,” Blahous said.

The law also counted on more than $700 billion in cuts to Medicare, including up to $150 billion in cuts to Medicare Advantage, but the president set those aside at the behest of Senate Democrats who feared angering seniors in an election year.

It’s gotten so bad that the CBO will no longer do estimates on Obamacare’s costs, Angle cites American Enterprise Institute’s Joe Antos as saying.

But then Angle goes astray:

The changes, and the overall uncertainty regarding the price tag, are raising concerns about whether the law even has enough revenue coming in to pay for the program.

This is the wrong question. The delays and alterations illustrated above show the essential capriciousness of any government effort—not just the present administration’s effort; this one is only the most active—at emulating a private business arrangement. This law shouldn’t have any revenue coming in to pay for it. This should be a private enterprise matter, with private enterprise raising the money for its private enterprise endeavor—or the endeavor fails, because the free market—American citizen participants—don’t want it. The law shouldn’t exist.